Discover and read the best of Twitter Threads about #mAadhaar
Most recents (3)
1/ Go through this tweets thread👇(especially don’t miss 11/ in this thread) to understand how persons like @fs0c131y are running #propaganda against our govt apps.
It will explain how for famous govt apps claims of #hacking or security issues are made while hiding the #reality
It will explain how for famous govt apps claims of #hacking or security issues are made while hiding the #reality
2/ First thing is you have to look like a pro hacker like those you see in movies or web series
—> yes you thought it right! You can even use name of a famous fictional character from web series or movies say #ElliotAlderson in #MrRobot web series. How cool that is! Isn’t it?🤔
—> yes you thought it right! You can even use name of a famous fictional character from web series or movies say #ElliotAlderson in #MrRobot web series. How cool that is! Isn’t it?🤔
3/ To look more cool 😎 hacker
—> You need some fancy terminal and fancy font. Powerline font and Oh-my-zsh with the Agnoster theme would be cool.
—> use curl for making requests to app server (you can even avoid posting the response in case you did not get desired response 😂)
—> You need some fancy terminal and fancy font. Powerline font and Oh-my-zsh with the Agnoster theme would be cool.
—> use curl for making requests to app server (you can even avoid posting the response in case you did not get desired response 😂)
1/ Few days back a hacker claimed that he has found some serious security flaws in @SetuAarogya and 90 million user's privacy is at risk and also wrote an article on medium for explanation of the issues he found. Follow the thread to know the REALITY of so called security issues.
Read the bold part (that speaks the important part in brief) in tweets ahead in this thread. 
That is an intentional feature of the application and it provides you number of nearby users, covid-19 positive users etc and NOT their identities. Also the radius for which you can ask this data has only few values : 500m, 1Km, 2Km, 5Km, 10Km only.
Looks like #mAadhaar is back in news again because of @fs0c131y . For those who are wondering, what the problem is with the OTP code, of mAadhaar, a short primer follows: 👇
1. Clients need secrets to talk with servers. Usually clients need to authenticate themselves. (Password).
2. In this case, the password is the OTP. Unlike a password, which is in *your head*, the OTP is a dynamic password sent to the phone via SMS. So if OTP is revealed?
2. In this case, the password is the OTP. Unlike a password, which is in *your head*, the OTP is a dynamic password sent to the phone via SMS. So if OTP is revealed?
3. Whoever gets the OTP, becomes you. This is not new type of attack, but one that we see on Banking all the time. So what does mAadhaar use OTP for?
4. It exchanges a secret with the Android App. And the secret is then used to generate VID, TOTP etc.
4. It exchanges a secret with the Android App. And the secret is then used to generate VID, TOTP etc.
